last executing test programs: 5.688470091s ago: executing program 3 (id=3399): getpeername$netlink(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000400)=0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYRES16=0x0], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) eventfd2(0x0, 0x0) io_setup(0x5, &(0x7f0000000000)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000010c0)=ANY=[], 0x1a3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) 5.057370358s ago: executing program 2 (id=3403): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) writev(r0, &(0x7f0000000440)=[{&(0x7f00000000c0)='I', 0x1}], 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x0) add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) 4.905526672s ago: executing program 2 (id=3404): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) 4.797936679s ago: executing program 2 (id=3405): r0 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000300)=0x16, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304000000ffffca88faca"], 0xdd12}], 0x1}, 0x0) 4.739144524s ago: executing program 2 (id=3407): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) unshare(0x22020400) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) getdents(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) 4.540416596s ago: executing program 3 (id=3408): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r0, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000000)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK/file0\x00'}, 0x6e) 4.539815158s ago: executing program 0 (id=3409): unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x20000015) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) 3.684137854s ago: executing program 2 (id=3411): r0 = socket$kcm(0x10, 0x2, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) 3.641421593s ago: executing program 4 (id=3412): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) kexec_load(0x9632, 0x0, &(0x7f0000000440), 0x1) keyctl$reject(0x2, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25CTLCON(r3, 0x89e9, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @bcast, 0x0, 0x0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) 3.537678887s ago: executing program 2 (id=3413): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400000fb7030000000007008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0) r5 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFEATURE(r5, 0xc0404807, &(0x7f0000000100)={0x0, "743fedd3add15c65712ea4c5a112f60f8377ba5089b34f08204569381985d16e9cfd3974fb09fa9fa4ff42a688e0302b715f37ed8ab4cc1e5f75db3bb5cfb510"}) write$UHID_DESTROY(r4, &(0x7f0000000040), 0x4) unlink(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) r6 = socket(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x24, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8}]}, 0x24}}, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) set_mempolicy(0x4005, &(0x7f0000000000)=0x7e, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_get_implied_cluster_alloc_exit\x00', r9}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x10}]}, 0x50}}, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xb) 3.536170426s ago: executing program 0 (id=3414): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x1c}, @NLBL_CIPSOV4_A_MLSCATLST={0x4, 0xc, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x9, 0x6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}]}]}]}, 0x44}}, 0x0) 3.204859217s ago: executing program 0 (id=3415): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000400)={0x184, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@typed={0x49, 0x0, 0x0, 0x0, @binary="040f1aa7979c07c28617e59e36e3c5d2d96b964c8d29166cdf0ebdc4f7b5007cc8c49e3eab4e10107ad8317b799033a76127a38e615f9cd2e9aaac6271417f88258ee49f91"}]}, @nested={0x11e, 0x6, 0x0, 0x1, [@generic="596ba1e9531921c3af1a61cacf3a2cb9bb5cd0bf73ed94c551f271fe52097b0b7e1869d38c7f699157808093c634ee54e06090b0c54a57b886cc1342a9f60da02a7aad0d609c3121b93d2514da9094da38a2a384f2d399fb589a6a6bda405f7b74a89bc4e40b5243fd22b133b33bae78126a311c5df2990e8227", @generic="ea3b06088a6893f038d10c9452cd81bc6fabe150", @typed={0x89, 0x0, 0x0, 0x0, @binary="bb46309871fbbc8e33139068644765bf076115fcd30c6a8ca5babf1192c6af5dfc3e2bd63a3f580831d6fd4bb70650af5a71eef9006b4a391d929013ce7bbd6c46834b5a0983f7e5d2e06cfa105fac266268f8ec9952d470ab47c35e73fea25cda0381ec347d18de3ee0acda8dac7f4d5c9ab83b73cc10f1f93d5cb5e3d4ad0aa25e37d4b3"}]}]}, 0x184}}, 0x0) 2.624470925s ago: executing program 0 (id=3416): syz_open_dev$vbi(0x0, 0x0, 0x2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f0000002580)={0x0, @vsock={0x28, 0x0, 0x0, @my=0x0}, @rc={0x1f, @fixed}, @xdp}) 2.596325825s ago: executing program 3 (id=3417): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32, @ANYBLOB="000000000000000014001680100001800c00090000000080"], 0x3c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000013000500000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000014001a80100004800c000180080001"], 0x34}}, 0x0) 2.501693707s ago: executing program 4 (id=3418): ioperm(0x9, 0x7ff, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000003c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r5}) ioctl$PTP_PIN_SETFUNC(0xffffffffffffffff, 0x40603d07, 0x0) r6 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r6, 0x1, 0x1e, &(0x7f0000caaffb), 0x0) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmat(0x0, &(0x7f0000fa4000/0x4000)=nil, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x2, 0x0, 0x0, 0x9, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}]}, 0x28}, 0x1, 0x7}, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, 0x0, 0x0) dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0) 2.466907115s ago: executing program 3 (id=3419): getpeername$netlink(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000400)=0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYRES16=0x0], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) eventfd2(0x0, 0x0) io_setup(0x5, &(0x7f0000000000)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000010c0)=ANY=[], 0x1a3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) 2.28628374s ago: executing program 1 (id=3420): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) 1.463969464s ago: executing program 4 (id=3421): munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0xc02, 0x0) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xcb73) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x100) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SELLOADLUT(r1, 0x541c, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) writev(r1, &(0x7f0000000440)=[{0x0}], 0x1) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000005c0)) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/uts\x00') ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000640)={0x7, 0x0, 0x0, 0x0, 0x5, [{0x10001, 0x200, 0x10001, '\x00', 0x20c}, {}, {0x0, 0x6, 0x19d3}, {0x0, 0x4}, {0xfffffffffffffff9, 0x3ff, 0x100, '\x00', 0x202}]}) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, 0x0) ioctl$TIOCNOTTY(r1, 0x5422) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0) mq_open(&(0x7f0000000940)='-\xb2\x00', 0x40, 0x4a, &(0x7f0000000980)={0x0, 0xdc, 0x81, 0x2}) 1.425250284s ago: executing program 1 (id=3422): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) unshare(0x22020400) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) getdents(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) 1.311720194s ago: executing program 1 (id=3423): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x2, 0xa4, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r0, &(0x7f0000000180), &(0x7f0000000200)=@tcp, 0x3}, 0x20) 1.19392153s ago: executing program 4 (id=3424): unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x20000015) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) 1.164673556s ago: executing program 1 (id=3425): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)={0x44, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x1c}, @NLBL_CIPSOV4_A_MLSCATLST={0x4, 0xc, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x9, 0x6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8}]}]}]}, 0x44}}, 0x0) 1.104980325s ago: executing program 3 (id=3426): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_io_uring_setup(0x24fb, &(0x7f0000000000)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000000c0)=0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}) listen(r5, 0x100) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x0) shutdown(r5, 0x0) close(r1) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000000000006000000001002100fe880001000000000000060000007d01ff0200000000000000000000000000010000eca140"], 0xfdef) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000080)={'macvtap0\x00', 0xfffffffd}) 1.038672045s ago: executing program 1 (id=3427): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r0, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000000)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK/file0\x00'}, 0x6e) 1.00819649s ago: executing program 4 (id=3428): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "b2d8f8e77ab2332d21644baf6c907902f9f25f7213c53e80ab517c412c400ec87403532622fe60e1c4d2be1b49d489a406c27759826b565edfddf3ba0231556e5f2a88065c0a960381094ba68dd5dcea98550919fecdafef292fd10b2985aca4426670e0ec35a8c9cb9aad285b776a4541e51908b33655fbb0c03dd0784308c26fed170bc32bfc57409a166228c30fecd7d40d26bbf2b764d350b150b22492789aad27573f2c37e0f5e36cee1027916b381ae45f64805d537d181a56388fba6be8c58aff329074f9ed83d1e6ea2a9e4ee26a66b620166cbb26853926a8be715dc8bd1ec8b6b75144fc6a4fd0b6663cb7006798412710e5deb41e1d03955498e0"}) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_control={0x2, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 899.885116ms ago: executing program 4 (id=3429): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000000ffffff9078ac1414bbe000000104004e20001090780200"/50], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000040)='/dev/full\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="b402000000000000620a02000000000006000000000000009500000000000000f1939ed848f21df93f91b07adcad0a4b07f1ef908460d383447042ac86f654d37a9196871a82232bcdd6c0cdb90c62232e3f55133e8becfa1042258afc2d2e4c35c0c97a5930a78d68e9a73c1d2cb8ed1a61862f5634920ac85cc7d837d761c55f480169cfbb5b3b35ea849847b6259e4be756ac4d24ac6106533c6974921551274f6931592eefc4a38297ffaa95800d13"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2f60e7da}, 0x90) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="54010000100013070000000000000000ac1414bb000000000000000000000000e000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000ffffe000000200000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6c2900"/221], 0x154}, 0x1, 0x0, 0x0, 0x2004d890}, 0x0) unshare(0x8000000) semget$private(0x0, 0x1, 0x0) semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x1000, 0x1000}], 0x1, 0x0) unshare(0x2c040000) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x1a) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) renameat2(r2, &(0x7f0000000540)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r2, &(0x7f0000000400)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r5 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r5, &(0x7f0000001a40), 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x7800, 0x10, 0xf8dd, 0x0, {{0x5, 0x4, 0x2, 0xf, 0x14, 0x0, 0x0, 0x1, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x32}, @loopback}}}}) pipe2$watch_queue(0x0, 0x80) 145.978561ms ago: executing program 3 (id=3430): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) 132.28695ms ago: executing program 0 (id=3431): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x83}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffd81}, 0x48) 79.713968ms ago: executing program 1 (id=3432): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) 0s ago: executing program 0 (id=3433): rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) unshare(0x22020400) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) getdents(0xffffffffffffffff, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) kernel console output (not intermixed with test programs): v="overlay" ino=213 res=0 errno=0 [ 368.904739][ T29] audit: type=1326 audit(1720362342.209:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 368.956646][ T25] usb 5-1: USB disconnect, device number 21 [ 368.974783][ T29] audit: type=1326 audit(1720362342.209:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 369.032318][ T29] audit: type=1326 audit(1720362342.209:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 369.103590][ T29] audit: type=1326 audit(1720362342.209:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 369.153909][ T29] audit: type=1326 audit(1720362342.209:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f007e574610 code=0x7ffc0000 [ 369.182254][ T29] audit: type=1326 audit(1720362342.219:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f007e577367 code=0x7ffc0000 [ 369.206975][ T29] audit: type=1326 audit(1720362342.219:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 369.229085][ T29] audit: type=1326 audit(1720362342.219:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f007e577367 code=0x7ffc0000 [ 369.262754][ T29] audit: type=1326 audit(1720362342.219:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f007e57490a code=0x7ffc0000 [ 369.437515][ T2840] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.556192][ T2840] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.578835][T11744] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2243'. [ 369.679263][ T2840] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.789313][ T2840] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.896500][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 369.907037][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 369.919822][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 369.929102][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 369.994383][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 370.001794][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 370.058685][ T5140] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 370.121465][ T2840] bridge_slave_1: left allmulticast mode [ 370.138702][ T2840] bridge_slave_1: left promiscuous mode [ 370.155911][ T2840] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.179238][ T2840] bridge_slave_0: left allmulticast mode [ 370.190058][ T2840] bridge_slave_0: left promiscuous mode [ 370.200352][ T2840] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.274809][ T5140] usb 4-1: Using ep0 maxpacket: 32 [ 370.292899][ T5140] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 370.323038][ T5140] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.333950][ T5140] usb 4-1: Product: syz [ 370.338146][ T5140] usb 4-1: Manufacturer: syz [ 370.342758][ T5140] usb 4-1: SerialNumber: syz [ 370.360216][ T5140] usb 4-1: config 0 descriptor?? [ 370.399974][ T5140] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 370.820412][ T2840] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 370.840672][ T2840] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 370.862283][ T2840] bond0 (unregistering): Released all slaves [ 370.934582][ T5140] gspca_stk1135: reg_w 0x2 err -110 [ 370.942060][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 370.961093][ T5140] gspca_stk1135: Sensor write failed [ 370.976762][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 370.983205][ T5140] gspca_stk1135: Sensor write failed [ 370.990015][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.014951][ T5140] gspca_stk1135: Sensor read failed [ 371.046532][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.069150][ T5140] gspca_stk1135: Sensor read failed [ 371.088847][ T5140] gspca_stk1135: Detected sensor type unknown (0x0) [ 371.105625][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.126037][ T5140] gspca_stk1135: Sensor read failed [ 371.142620][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.149521][ T5140] gspca_stk1135: Sensor read failed [ 371.158326][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.170671][ T5140] gspca_stk1135: Sensor write failed [ 371.191490][ T5140] gspca_stk1135: serial bus timeout: status=0x00 [ 371.225206][ T5140] gspca_stk1135: Sensor write failed [ 371.235392][ T5140] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110 [ 371.424703][T11781] ntfs3: Bad value for 'gid' [ 371.530611][ T2840] hsr_slave_0: left promiscuous mode [ 371.547381][ T2840] hsr_slave_1: left promiscuous mode [ 371.578476][ T2840] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 371.608846][ T2840] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 371.638135][ T2840] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.650741][ T2840] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 371.661976][T11791] netlink: 'syz.4.2267': attribute type 1 has an invalid length. [ 371.677817][T11791] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.2267'. [ 371.692123][T11791] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2267'. [ 371.879192][ T2840] veth1_macvtap: left promiscuous mode [ 371.963434][ T2840] veth0_macvtap: left promiscuous mode [ 372.041548][ T2840] veth1_vlan: left promiscuous mode [ 372.075181][ T53] Bluetooth: hci1: command tx timeout [ 372.151913][ T2840] veth0_vlan: left promiscuous mode [ 372.517883][T11803] netlink: 'syz.0.2270': attribute type 1 has an invalid length. [ 372.792301][ T784] usb 4-1: USB disconnect, device number 23 [ 373.221240][ T2840] team0 (unregistering): Port device team_slave_1 removed [ 373.294080][ T2840] team0 (unregistering): Port device team_slave_0 removed [ 373.803221][T11825] netlink: 'syz.3.2278': attribute type 1 has an invalid length. [ 373.814723][T11825] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.2278'. [ 373.829504][T11825] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2278'. [ 373.971357][T11805] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2271'. [ 373.985760][T11805] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 374.123824][ T53] Bluetooth: hci1: command tx timeout [ 374.196845][T11835] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2281'. [ 374.246326][T11750] chnl_net:caif_netlink_parms(): no params data found [ 374.263301][T11835] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2281'. [ 374.452364][T11843] netlink: 'syz.0.2284': attribute type 10 has an invalid length. [ 374.589217][T11750] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.607755][T11750] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.623056][T11750] bridge_slave_0: entered allmulticast mode [ 374.640737][T11750] bridge_slave_0: entered promiscuous mode [ 374.661649][T11750] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.669329][T11750] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.684020][T11750] bridge_slave_1: entered allmulticast mode [ 374.691661][T11750] bridge_slave_1: entered promiscuous mode [ 374.722385][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2290'. [ 374.753550][T11857] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 374.893252][T11750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 374.910865][T11871] netlink: 'syz.4.2295': attribute type 1 has an invalid length. [ 374.916710][T11750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.918801][T11871] netlink: 3440 bytes leftover after parsing attributes in process `syz.4.2295'. [ 374.938567][T11871] netlink: 'syz.4.2295': attribute type 1 has an invalid length. [ 374.979863][T11871] netlink: 5888 bytes leftover after parsing attributes in process `syz.4.2295'. [ 375.072747][T11750] team0: Port device team_slave_0 added [ 375.088476][T11750] team0: Port device team_slave_1 added [ 375.162506][T11750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 375.174996][T11750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.215957][T11750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 375.222153][T11883] PKCS7: Unknown OID: [4] 0.28(bad) [ 375.229957][T11750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 375.239631][T11750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 375.253959][T11883] PKCS7: Only support pkcs7_signedData type [ 375.266722][T11750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.311749][T11879] netlink: 'syz.2.2299': attribute type 10 has an invalid length. [ 375.458407][T11750] hsr_slave_0: entered promiscuous mode [ 375.475963][T11750] hsr_slave_1: entered promiscuous mode [ 375.752896][T11904] netlink: 'syz.3.2310': attribute type 4 has an invalid length. [ 376.218278][ T53] Bluetooth: hci1: command tx timeout [ 377.001218][T11750] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 377.027359][T11750] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 377.069786][T11750] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 377.109771][T11750] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 377.162553][T11940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2323'. [ 377.185242][T11940] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 377.405036][T11750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.469481][T11750] 8021q: adding VLAN 0 to HW filter on device team0 [ 377.500845][ T5124] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.508049][ T5124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.555597][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.562738][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 378.283783][ T53] Bluetooth: hci1: command tx timeout [ 378.542618][T11963] 9pnet: Could not find request transport: fd0xffffffffffffffff0x0000000000000009 [ 378.976322][T11750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.081746][T11750] veth0_vlan: entered promiscuous mode [ 379.133263][T11750] veth1_vlan: entered promiscuous mode [ 379.228557][T11750] veth0_macvtap: entered promiscuous mode [ 379.250735][T11750] veth1_macvtap: entered promiscuous mode [ 379.286542][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 379.318806][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.331297][T11995] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 379.350679][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 379.370967][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.381471][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 379.392770][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.402958][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 379.414913][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.436860][T11750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 379.515170][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.582608][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 379.597554][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 379.621763][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.007009][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.327464][T12001] 9pnet: Could not find request transport: fd0xffffffffffffffff0x0000000000000009 [ 380.353636][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.393760][T11750] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.421434][T11750] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.453302][T11750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 380.469122][T11750] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.503481][T11750] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.512248][T11750] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.533644][T11750] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.744218][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.776741][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.876060][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.889112][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.329367][T12035] netlink: 'syz.1.2357': attribute type 1 has an invalid length. [ 381.355170][T12035] netlink: 'syz.1.2357': attribute type 3 has an invalid length. [ 381.387257][T12035] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2357'. [ 381.404729][T12035] NCSI netlink: No device for ifindex 0 [ 381.688008][T12044] bond0: (slave tunl0): Error: Device can not be enslaved while up [ 383.576811][T12092] netlink: 'syz.0.2380': attribute type 5 has an invalid length. [ 385.984807][T12129] netlink: 'syz.0.2393': attribute type 4 has an invalid length. [ 387.142634][T12151] netlink: 'syz.1.2402': attribute type 2 has an invalid length. [ 389.938129][T12221] No such timeout policy "syz1" [ 390.013779][ T5138] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 390.046893][T12221] fuse: root generation should be zero [ 390.226680][ T5138] usb 3-1: Using ep0 maxpacket: 8 [ 390.286092][ T5138] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 390.339117][ T5138] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.399821][T12233] netlink: 'syz.1.2432': attribute type 1 has an invalid length. [ 390.450205][ T5138] usb 3-1: Product: syz [ 390.496456][T12233] netlink: 512 bytes leftover after parsing attributes in process `syz.1.2432'. [ 390.506164][ T5138] usb 3-1: Manufacturer: syz [ 390.556698][ T5138] usb 3-1: SerialNumber: syz [ 390.658786][ T5138] usb 3-1: config 0 descriptor?? [ 390.960405][ T5138] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 391.097821][T12241] block nbd0: NBD_DISCONNECT [ 391.102902][T12241] block nbd0: Send disconnect failed -107 [ 391.118294][T12241] block nbd0: Disconnected due to user request. [ 391.128362][T12241] block nbd0: shutting down sockets [ 391.402715][ T5138] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 391.478219][ T5138] usb 3-1: USB disconnect, device number 22 [ 391.700754][T12262] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2445'. [ 392.693660][T12288] netlink: 'syz.1.2456': attribute type 1 has an invalid length. [ 392.710905][T12288] netlink: 'syz.1.2456': attribute type 3 has an invalid length. [ 392.845253][T12288] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2456'. [ 392.869468][T12288] NCSI netlink: No device for ifindex 0 [ 392.877690][T12293] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2458'. [ 393.063135][T12296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2457'. [ 393.783662][ T25] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 393.997135][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 394.025768][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 394.044938][ T25] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 394.058957][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.070603][ T25] usb 2-1: config 0 descriptor?? [ 394.519303][T12288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.528208][T12288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.567330][ T25] hid (null): invalid report_size 17387 [ 394.572977][ T25] hid (null): report_id 2176741362 is invalid [ 394.611601][ T25] hid (null): unknown global tag 0xc [ 394.619943][ T25] hid (null): unknown global tag 0xd [ 394.777347][T12288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.789384][ T25] hid-generic 0003:0158:0100.0009: unknown main item tag 0x1 [ 394.801320][T12288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.817858][ T25] hid-generic 0003:0158:0100.0009: unexpected long global item [ 395.321752][ T25] hid-generic 0003:0158:0100.0009: probe with driver hid-generic failed with error -22 [ 395.602570][ T25] usb 2-1: USB disconnect, device number 12 [ 396.719237][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 396.719254][ T29] audit: type=1326 audit(1720362370.059:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12337 comm="syz.0.2473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 396.789252][ T29] audit: type=1326 audit(1720362370.099:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12337 comm="syz.0.2473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 396.862340][ T29] audit: type=1326 audit(1720362370.099:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12337 comm="syz.0.2473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 396.946532][ T29] audit: type=1326 audit(1720362370.099:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12337 comm="syz.0.2473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x7ffc0000 [ 398.108685][ T29] audit: type=1326 audit(1720362371.419:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12358 comm="syz.3.2479" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde75375bd9 code=0x0 [ 398.480023][T12374] Process accounting resumed [ 398.502862][ T29] audit: type=1326 audit(1720362371.829:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12375 comm="syz.2.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca7f75bd9 code=0x7ffc0000 [ 398.524455][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.576702][ T29] audit: type=1326 audit(1720362371.829:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12375 comm="syz.2.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca7f75bd9 code=0x7ffc0000 [ 398.631157][T12381] Bluetooth: MGMT ver 1.22 [ 398.660349][ T5101] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 398.672539][ T5101] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 398.681180][ T5101] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 398.691955][ T5101] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 398.706889][ T29] audit: type=1326 audit(1720362371.839:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12375 comm="syz.2.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fcca7f75bd9 code=0x7ffc0000 [ 398.707315][ T5101] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 398.742240][ T5101] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 398.836727][ T29] audit: type=1326 audit(1720362371.839:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12375 comm="syz.2.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca7f75bd9 code=0x7ffc0000 [ 398.883848][ T29] audit: type=1326 audit(1720362371.839:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12375 comm="syz.2.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca7f75bd9 code=0x7ffc0000 [ 398.905407][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.125651][T12381] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2485'. [ 399.139385][ T5124] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 399.172313][T12381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2485'. [ 399.375961][ T5124] usb 2-1: Using ep0 maxpacket: 16 [ 399.403127][ T5124] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.431771][ T5124] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 399.450796][ T5124] usb 2-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 399.462826][ T5124] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 399.484869][ T5124] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 399.495651][ T5124] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 399.503773][ T5124] usb 2-1: Manufacturer: syz [ 399.515015][ T5124] usb 2-1: config 0 descriptor?? [ 399.997874][T12379] chnl_net:caif_netlink_parms(): no params data found [ 400.264773][T12379] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.284411][T12379] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.291725][T12379] bridge_slave_0: entered allmulticast mode [ 400.319157][T12379] bridge_slave_0: entered promiscuous mode [ 400.338573][T12379] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.346605][T12379] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.359812][T12379] bridge_slave_1: entered allmulticast mode [ 400.382345][T12379] bridge_slave_1: entered promiscuous mode [ 400.453548][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 400.509545][T12379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 400.582459][T12379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 400.663686][ T25] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 400.669082][T12379] team0: Port device team_slave_0 added [ 400.683603][ T53] Bluetooth: hci3: command 0x1407 tx timeout [ 400.690568][ T5103] Bluetooth: hci3: Opcode 0x1407 failed: -110 [ 400.707243][T12379] team0: Port device team_slave_1 added [ 400.716281][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.795306][ T25] usb 4-1: config 0 descriptor?? [ 400.818845][T12379] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.829776][T12379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.856837][ T5103] Bluetooth: hci5: command tx timeout [ 400.868265][T12379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.905070][T12379] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.912312][T12379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.939959][T12379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 401.111699][T12379] hsr_slave_0: entered promiscuous mode [ 401.122570][T12379] hsr_slave_1: entered promiscuous mode [ 401.140518][T12379] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 401.150447][T12379] Cannot create hsr debugfs directory [ 401.601084][T12379] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.632405][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 401.633472][T12379] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.652939][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 401.666755][ T25] asix 4-1:0.0: probe with driver asix failed with error -71 [ 401.682505][ T25] usb 4-1: USB disconnect, device number 24 [ 401.711967][ T5140] usb 2-1: USB disconnect, device number 13 [ 401.841919][T12379] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.864790][T12379] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.067947][T12379] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.085693][T12379] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.106947][ T29] audit: type=1326 audit(1720362375.449:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.0.2506" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x0 [ 402.231078][T12379] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.244706][T12379] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.490572][T12379] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 402.510949][T12379] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 402.532150][T12379] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 402.559319][T12379] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 402.819047][T12379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 402.923552][ T5103] Bluetooth: hci5: command tx timeout [ 404.430810][T12379] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.456101][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.463291][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.502241][T12473] Process accounting resumed [ 404.550471][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.557684][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.675565][T12379] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 404.694519][ T5140] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 404.903960][ T5140] usb 1-1: Using ep0 maxpacket: 32 [ 404.914484][ T5140] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 404.933002][ T5140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.959584][ T5140] usb 1-1: config 0 descriptor?? [ 404.985089][ T5140] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 405.004642][ T5103] Bluetooth: hci5: command tx timeout [ 405.023555][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 405.029132][ T29] audit: type=1326 audit(1720362378.359:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12490 comm="syz.1.2524" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae71575bd9 code=0x0 [ 405.041097][T12379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.105709][T12498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2526'. [ 405.203549][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 405.229717][ T9] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 405.239435][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.247817][ T9] usb 4-1: Product: syz [ 405.252531][ T9] usb 4-1: Manufacturer: syz [ 405.268671][ T9] usb 4-1: SerialNumber: syz [ 405.292024][ T9] usb 4-1: config 0 descriptor?? [ 405.510860][ T9] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 405.784052][T12379] veth0_vlan: entered promiscuous mode [ 405.802427][T12379] veth1_vlan: entered promiscuous mode [ 405.866668][ T5094] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 405.883332][T12379] veth0_macvtap: entered promiscuous mode [ 405.906816][T12379] veth1_macvtap: entered promiscuous mode [ 405.924549][ T9] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 405.941782][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.942831][ T9] usb 4-1: USB disconnect, device number 25 [ 405.960209][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.971558][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.987217][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.992820][ T5140] gspca_nw80x: reg_w err -71 [ 405.997124][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.015439][ T5140] nw80x 1-1:0.0: probe with driver nw80x failed with error -71 [ 406.019728][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.033184][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.049761][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.056186][ T5140] usb 1-1: USB disconnect, device number 21 [ 406.060873][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 406.081425][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.086007][ T5094] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.102568][ T5094] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.104042][T12379] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.112705][ T5094] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 406.130813][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.142645][ T5094] usb 3-1: config 0 descriptor?? [ 406.171213][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.189838][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.201856][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.225022][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.243124][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.258999][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.268903][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.279603][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.290839][T12379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 406.301372][T12379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 406.321024][T12379] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.349446][T12379] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.370084][T12379] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.379380][T12379] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.388498][T12379] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.513699][ T2866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.528139][ T2866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.536689][ T5103] Bluetooth: hci3: command 0x1407 tx timeout [ 406.572990][ T5094] hid-thrustmaster 0003:044F:B65D.000A: unknown main item tag 0x0 [ 406.582658][ T2811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.598511][ T2811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.608011][ T5094] hid-thrustmaster 0003:044F:B65D.000A: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0 [ 406.659442][ T5094] hid-thrustmaster 0003:044F:B65D.000A: Wrong number of endpoints? [ 406.810879][T12532] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.819074][T12532] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.848522][T12532] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 406.868132][ C0] hid-thrustmaster 0003:044F:B65D.000A: URB to get model id failed with error -71 [ 406.883250][ T5094] usb 3-1: USB disconnect, device number 23 [ 406.943734][T12539] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2538'. [ 406.966136][T12539] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2538'. [ 407.097103][ T53] Bluetooth: hci5: command tx timeout [ 407.903082][T12559] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 408.088727][T12562] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 408.426819][T12581] openvswitch: netlink: Missing key (keys=20040, expected=200000) [ 408.945442][T12615] openvswitch: netlink: Missing key (keys=20040, expected=200000) [ 409.664059][ T29] audit: type=1326 audit(1720362383.009:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12636 comm="syz.3.2580" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde75375bd9 code=0x0 [ 410.829698][ T29] audit: type=1326 audit(1720362384.169:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12639 comm="syz.4.2579" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x0 [ 410.844261][ T53] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 410.844348][ T53] Bluetooth: hci1: Injecting HCI hardware error event [ 410.847181][ T5103] Bluetooth: hci1: hardware error 0x00 [ 412.948795][ T5103] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 414.126463][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 414.137317][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 414.147073][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 414.159785][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 414.166966][ T5094] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 414.177530][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 414.186322][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 414.227714][ T2811] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.394074][ T5094] usb 3-1: Using ep0 maxpacket: 32 [ 414.398256][ T2811] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.413086][ T5094] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 414.423261][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.434434][ T5094] usb 3-1: config 0 descriptor?? [ 414.445882][ T5094] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 414.572687][ T2811] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.705682][ T2811] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.055092][T12746] chnl_net:caif_netlink_parms(): no params data found [ 415.079632][ T53] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 415.186956][ T53] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 415.339475][ T2811] bridge_slave_1: left allmulticast mode [ 415.348668][ T2811] bridge_slave_1: left promiscuous mode [ 415.355687][ T2811] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.395063][ T2811] bridge_slave_0: left allmulticast mode [ 415.422564][ T2811] bridge_slave_0: left promiscuous mode [ 415.442804][ T2811] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.491779][ T5094] gspca_nw80x: reg_w err -71 [ 415.508031][ T53] Bluetooth: hci3: unexpected event for opcode 0x203d [ 415.516353][ T5094] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 415.571393][ T5094] usb 3-1: USB disconnect, device number 24 [ 416.293794][ T53] Bluetooth: hci0: command tx timeout [ 416.340146][ T2811] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.365468][ T2811] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.387098][ T2811] bond0 (unregistering): Released all slaves [ 416.424111][T12780] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.432189][T12780] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.440852][T12780] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 416.772942][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 416.796196][T12746] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.803295][T12746] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.817638][T12746] bridge_slave_0: entered allmulticast mode [ 416.837972][T12746] bridge_slave_0: entered promiscuous mode [ 416.886662][T12746] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.900704][T12746] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.908885][T12746] bridge_slave_1: entered allmulticast mode [ 416.928367][T12746] bridge_slave_1: entered promiscuous mode [ 416.941944][T12805] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 416.984778][T12805] kvm: pic: non byte read [ 416.993622][ T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 417.005287][T12805] kvm: pic: non byte read [ 417.023076][T12805] kvm: pic: non byte read [ 417.029436][T12805] kvm: pic: non byte read [ 417.039159][T12805] kvm: pic: level sensitive irq not supported [ 417.048183][T12805] kvm: pic: non byte read [ 417.050376][T12812] kernel profiling enabled (shift: 0) [ 417.058576][T12805] kvm: pic: single mode not supported [ 417.065595][T12805] kvm: pic: level sensitive irq not supported [ 417.073940][T12805] kvm: pic: non byte read [ 417.182376][T12746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.204509][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 417.223337][ T9] usb 4-1: New USB device found, idVendor=0af0, idProduct=d033, bcdDevice=e0.05 [ 417.234099][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.242415][ T9] usb 4-1: Product: syz [ 417.259594][ T9] usb 4-1: Manufacturer: syz [ 417.280789][ T2811] hsr_slave_0: left promiscuous mode [ 417.292228][ T9] usb 4-1: SerialNumber: syz [ 417.303793][ T2811] hsr_slave_1: left promiscuous mode [ 417.325685][ T9] usb 4-1: config 0 descriptor?? [ 417.340719][ T2811] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.354571][ T2811] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.357551][ T9] hso 4-1:0.0: Can't find BULK IN endpoint [ 417.419372][ T2811] veth1_macvtap: left promiscuous mode [ 417.430510][ T2811] veth0_macvtap: left promiscuous mode [ 417.463931][ T2811] veth1_vlan: left promiscuous mode [ 417.473201][ T2811] veth0_vlan: left promiscuous mode [ 417.555263][ T5103] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 418.158787][ T9] usb 4-1: USB disconnect, device number 26 [ 418.446365][ T5103] Bluetooth: hci0: command tx timeout [ 419.272382][T12812] syz.4.2636: vmalloc error: size 721420288, failed to allocated page array size 1409024, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 419.523040][T12812] CPU: 0 PID: 12812 Comm: syz.4.2636 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 419.533210][T12812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 419.543257][T12812] Call Trace: [ 419.546538][T12812] [ 419.549477][T12812] dump_stack_lvl+0x241/0x360 [ 419.554183][T12812] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.559410][T12812] ? __pfx__printk+0x10/0x10 [ 419.564026][T12812] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 419.570460][T12812] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 419.573575][ T5103] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 419.576969][T12812] warn_alloc+0x278/0x410 [ 419.577005][T12812] ? __pfx_warn_alloc+0x10/0x10 [ 419.593055][ T5103] Bluetooth: hci3: Injecting HCI hardware error event [ 419.594555][T12812] ? profile_init+0xee/0x130 [ 419.594583][T12812] ? __get_vm_area_node+0x23d/0x270 [ 419.594617][T12812] __vmalloc_node_range_noprof+0x69f/0x1460 [ 419.604619][ T53] Bluetooth: hci3: hardware error 0x00 [ 419.605962][T12812] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 419.628973][T12812] ? rcu_is_watching+0x15/0xb0 [ 419.633747][T12812] ? profile_init+0xee/0x130 [ 419.638351][T12812] ? __pfx_sysfs_kf_write+0x10/0x10 [ 419.643566][T12812] vzalloc_noprof+0x79/0x90 [ 419.648077][T12812] ? profile_init+0xee/0x130 [ 419.652651][T12812] profile_init+0xee/0x130 [ 419.657052][T12812] profiling_store+0x5e/0xc0 [ 419.661625][T12812] kernfs_fop_write_iter+0x3a1/0x500 [ 419.666917][T12812] vfs_write+0xa72/0xc90 [ 419.671164][T12812] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 419.676970][T12812] ? __pfx_vfs_write+0x10/0x10 [ 419.681722][T12812] ? do_futex+0x33b/0x560 [ 419.686070][T12812] ksys_write+0x1a0/0x2c0 [ 419.690395][T12812] ? __pfx_ksys_write+0x10/0x10 [ 419.695233][T12812] ? do_syscall_64+0x100/0x230 [ 419.699985][T12812] ? do_syscall_64+0xb6/0x230 [ 419.704650][T12812] do_syscall_64+0xf3/0x230 [ 419.709137][T12812] ? clear_bhb_loop+0x35/0x90 [ 419.713802][T12812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.719680][T12812] RIP: 0033:0x7f3c21f75bd9 [ 419.724093][T12812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.744126][T12812] RSP: 002b:00007f3c219ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 419.752545][T12812] RAX: ffffffffffffffda RBX: 00007f3c22103f60 RCX: 00007f3c21f75bd9 [ 419.760513][T12812] RDX: 0000000000000015 RSI: 0000000020000280 RDI: 0000000000000008 [ 419.768476][T12812] RBP: 00007f3c21fe4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 419.776431][T12812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.784403][T12812] R13: 000000000000000b R14: 00007f3c22103f60 R15: 00007ffe7560c358 [ 419.792418][T12812] [ 419.798851][T12812] Mem-Info: [ 419.802001][T12812] active_anon:274 inactive_anon:6044 isolated_anon:0 [ 419.802001][T12812] active_file:13251 inactive_file:38966 isolated_file:0 [ 419.802001][T12812] unevictable:768 dirty:307 writeback:25 [ 419.802001][T12812] slab_reclaimable:9541 slab_unreclaimable:97830 [ 419.802001][T12812] mapped:16309 shmem:4138 pagetables:780 [ 419.802001][T12812] sec_pagetables:0 bounce:0 [ 419.802001][T12812] kernel_misc_reclaimable:0 [ 419.802001][T12812] free:1365470 free_pcp:3053 free_cma:0 [ 420.515009][T12812] Node 0 active_anon:1096kB inactive_anon:12500kB active_file:52856kB inactive_file:155864kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:53524kB dirty:1004kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9996kB pagetables:2884kB sec_pagetables:0kB all_unreclaimable? no [ 420.547601][ C1] vkms_vblank_simulate: vblank timer overrun [ 420.555757][ T5101] Bluetooth: hci0: command tx timeout [ 420.625428][T12812] Node 1 active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 420.657141][T12812] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 420.710726][T12812] lowmem_reserve[]: 0 2571 2571 0 0 [ 420.721812][T12812] Node 0 DMA32 free:1518360kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:1092kB inactive_anon:12660kB active_file:52604kB inactive_file:155804kB unevictable:1536kB writepending:1004kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:1060kB local_pcp:760kB free_cma:0kB [ 420.758257][T12812] lowmem_reserve[]: 0 0 0 0 0 [ 420.781461][T12812] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:252kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 420.812302][T12812] lowmem_reserve[]: 0 0 0 0 0 [ 420.817216][T12812] Node 1 Normal free:3945760kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:148kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:6292kB local_pcp:5892kB free_cma:0kB [ 420.893514][T12812] lowmem_reserve[]: 0 0 0 0 0 [ 420.898420][T12812] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 420.914714][T12812] Node 0 DMA32: 510*4kB (ME) 957*8kB (UME) 646*16kB (UME) 586*32kB (UME) 370*64kB (UME) 128*128kB (UME) 64*256kB (UME) 27*512kB (UME) 20*1024kB (UME) 6*2048kB (UM) 336*4096kB (UM) = 1518080kB [ 420.931650][T12839] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 420.934509][T12812] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 420.942836][T12839] overlayfs: failed to set xattr on upper [ 420.960238][T12812] Node 1 Normal: 8*4kB (UM) 16*8kB (UM) 22*16kB (UM) 15*32kB (UM) 7*64kB (UM) 7*128kB (UM) 2*256kB [ 420.969170][ T2811] team0 (unregistering): Port device team_slave_1 removed [ 420.973027][T12812] (M) [ 420.989413][T12839] overlayfs: ...falling back to redirect_dir=nofollow. [ 420.996529][T12812] 3*512kB (U) 1*1024kB (M) 4*2048kB (UM) 960*4096kB (UM) = 3945760kB [ 421.010737][T12812] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 421.015676][T12839] overlayfs: ...falling back to index=off. [ 421.024385][T12812] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 421.031595][T12839] overlayfs: ...falling back to uuid=null. [ 421.037628][T12812] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 421.051346][T12812] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 421.061512][T12812] 53485 total pagecache pages [ 421.071649][T12812] 0 pages in swap cache [ 421.077228][T12812] Free swap = 124332kB [ 421.081736][T12812] Total swap = 124996kB [ 421.087706][T12812] 2097051 pages RAM [ 421.091681][T12812] 0 pages HighMem/MovableOnly [ 421.096984][T12812] 400873 pages reserved [ 421.101391][T12812] 0 pages cma reserved [ 421.182661][ T2811] team0 (unregistering): Port device team_slave_0 removed [ 422.176972][T12746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.193283][T12844] netlink: 'syz.3.2645': attribute type 10 has an invalid length. [ 422.234526][ T5140] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 422.251035][T12844] syz_tun: entered promiscuous mode [ 422.331831][T12844] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 422.455706][ T5140] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 422.499215][ T5140] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 422.531485][ T53] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 422.550303][T12746] team0: Port device team_slave_0 added [ 422.605227][T12746] team0: Port device team_slave_1 added [ 422.613604][ T53] Bluetooth: hci0: command tx timeout [ 422.633939][ T5140] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 422.653309][ T5140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.667915][ T5140] usb 5-1: Product: చ [ 422.818522][T12746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.834002][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.874064][T12746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.934717][T12746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.950706][ T5140] usb 5-1: 0:2 : does not exist [ 422.982976][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.027419][T12746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 423.046637][ T5140] usb 5-1: USB disconnect, device number 22 [ 423.302158][T12746] hsr_slave_0: entered promiscuous mode [ 423.333954][T12746] hsr_slave_1: entered promiscuous mode [ 423.438258][T12873] kvm: kvm [12871]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x6d00000800 [ 423.450741][T12873] kvm: kvm [12871]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x14500000800 [ 423.460693][T12873] kvm: kvm [12871]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x14600000000 [ 423.472931][T12873] kvm: kvm [12871]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1cd00000800 [ 424.313228][T12746] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 424.378152][T12746] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 424.400283][T12746] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 424.417643][T12746] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 424.544765][ T5094] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 424.718149][T12913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2669'. [ 424.773903][ T5094] usb 4-1: Using ep0 maxpacket: 16 [ 424.783112][T12746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.810150][ T5094] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.830051][ T5094] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 424.841299][ T5094] usb 4-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 424.860438][ T5094] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 424.867693][T12746] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.881790][ T5094] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 424.894806][ T5094] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 424.903292][ T5094] usb 4-1: Manufacturer: syz [ 424.942354][ T5094] usb 4-1: config 0 descriptor?? [ 424.944770][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.954754][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.039971][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.047174][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.500118][T12746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 425.609309][T12746] veth0_vlan: entered promiscuous mode [ 425.638377][T12746] veth1_vlan: entered promiscuous mode [ 425.723354][T12746] veth0_macvtap: entered promiscuous mode [ 425.756522][T12746] veth1_macvtap: entered promiscuous mode [ 425.787154][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.797970][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.821543][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.869054][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.900726][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.928299][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.942567][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.955732][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.988255][T12746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.036279][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.086390][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.125581][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.175596][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.216531][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.261327][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.261437][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.261457][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.261473][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.261488][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.264934][T12746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.292656][T12746] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.292693][T12746] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.292720][T12746] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.292747][T12746] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.506826][ T2820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.506850][ T2820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.606633][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.652862][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.176666][ T5147] usb 4-1: USB disconnect, device number 27 [ 427.383809][ T29] audit: type=1326 audit(1720362400.729:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12965 comm="syz.0.2686" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x0 [ 427.404859][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.887506][T12987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2694'. [ 428.411845][T13008] netlink: 'syz.3.2703': attribute type 3 has an invalid length. [ 428.449033][T13008] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2703'. [ 429.600171][ T29] audit: type=1804 audit(1720362402.889:253): pid=13024 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2708" name="/newroot/217/bus/bus" dev="overlay" ino=1180 res=1 errno=0 [ 430.466660][T13045] netlink: 5056 bytes leftover after parsing attributes in process `syz.3.2715'. [ 430.493522][T13045] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2715'. [ 430.502505][T13045] netlink: 5056 bytes leftover after parsing attributes in process `syz.3.2715'. [ 431.184694][ T29] audit: type=1326 audit(1720362404.489:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13064 comm="syz.3.2725" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde75375bd9 code=0x0 [ 431.514679][ T5147] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 431.745032][ T5147] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 431.770840][ T5147] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 431.816736][ T5147] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 431.882999][ T5147] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 431.971786][ T5147] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 432.018844][ T5147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 432.069232][ T5147] usb 5-1: SerialNumber: syz [ 432.100986][T13079] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 432.153529][T13079] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 432.201629][ T5147] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 433.402302][ T5147] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 433.432135][ T5147] usb 5-1: USB disconnect, device number 23 [ 434.084442][T13137] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.2748'. [ 434.094158][T13137] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2748'. [ 435.323333][ T29] audit: type=1326 audit(1720362408.659:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13148 comm="syz.0.2753" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f007e575bd9 code=0x0 [ 435.353755][ T5147] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 435.563502][ T5147] usb 3-1: Using ep0 maxpacket: 32 [ 435.595413][ T5147] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 435.638240][ T5147] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 435.677200][ T5147] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 435.691170][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.725466][ T5147] usb 3-1: config 0 descriptor?? [ 435.742755][ T5147] hub 3-1:0.0: USB hub found [ 436.034537][ T5147] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 436.080282][ T5147] usbhid 3-1:0.0: can't add hid device: -71 [ 436.099637][ T5147] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 436.197684][ T5147] usb 3-1: USB disconnect, device number 25 [ 436.361319][T13179] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 437.939771][T13210] netlink: 'syz.2.2778': attribute type 4 has an invalid length. [ 438.135324][T13217] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 439.387566][T13232] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2785'. [ 439.467744][T13239] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.2786'. [ 439.477093][T13239] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2786'. [ 440.720687][T13253] netlink: 'syz.1.2793': attribute type 4 has an invalid length. [ 441.039708][T13266] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2796'. [ 441.056849][T13266] vlan2: entered promiscuous mode [ 443.397549][T13306] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 443.620334][T13310] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.2814'. [ 443.629792][T13310] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2814'. [ 446.253478][T13359] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.2829'. [ 446.264275][T13359] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2829'. [ 447.472127][T13375] netlink: 236 bytes leftover after parsing attributes in process `syz.2.2833'. [ 447.611994][T13372] netlink: 'syz.1.2834': attribute type 9 has an invalid length. [ 447.761461][T13385] tap0: tun_chr_ioctl cmd 1074025675 [ 447.783484][T13385] tap0: persist enabled [ 447.801657][T13385] tap0: tun_chr_ioctl cmd 1074025675 [ 447.823529][T13385] tap0: persist enabled [ 448.067374][T13395] Bluetooth: MGMT ver 1.22 [ 451.519304][T13421] smc: net device erspan0 applied user defined pnetid SYZ2 [ 451.612585][T13421] pim6reg1: entered promiscuous mode [ 451.676738][T13421] pim6reg1: entered allmulticast mode [ 452.606324][ T5101] Bluetooth: hci4: command 0x0406 tx timeout [ 452.877962][T13459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2870'. [ 453.135818][ T29] audit: type=1326 audit(1720362426.329:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.166447][ T29] audit: type=1326 audit(1720362426.329:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.188043][ C1] vkms_vblank_simulate: vblank timer overrun [ 453.212423][ T29] audit: type=1326 audit(1720362426.339:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.235384][ T29] audit: type=1326 audit(1720362426.339:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.258359][ T29] audit: type=1326 audit(1720362426.339:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.280422][ T29] audit: type=1326 audit(1720362426.339:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.302614][ T29] audit: type=1326 audit(1720362426.339:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.326194][ T29] audit: type=1326 audit(1720362426.339:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.348426][ T29] audit: type=1326 audit(1720362426.339:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 453.378350][ T29] audit: type=1326 audit(1720362426.339:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13450 comm="syz.1.2865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb5c575bd9 code=0x7ff00000 [ 455.811664][T13481] tc_dump_action: action bad kind [ 455.963949][ T5101] Bluetooth: hci0: command 0x0405 tx timeout [ 456.883278][ T5136] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 457.183782][ T5136] usb 2-1: Using ep0 maxpacket: 8 [ 457.200630][ T5136] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 457.227656][ T5136] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.239156][ T5136] usb 2-1: config 0 descriptor?? [ 458.405283][T13523] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2894'. [ 458.543813][ T784] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 458.584074][ T5136] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 458.597416][ T5136] asix 2-1:0.0: probe with driver asix failed with error -71 [ 458.608194][ T5136] usb 2-1: USB disconnect, device number 14 [ 458.746368][ T784] usb 1-1: Using ep0 maxpacket: 16 [ 458.756131][T13535] ptrace attach of "./syz-executor exec"[12379] was attempted by "./syz-executor exec"[13535] [ 458.770313][ T784] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 458.782866][ T784] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 458.807674][ T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.836036][ T784] usb 1-1: config 0 descriptor?? [ 459.109103][T13539] netlink: 210620 bytes leftover after parsing attributes in process `syz.2.2900'. [ 459.119832][T13539] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16) [ 459.224402][ T29] kauditd_printk_skb: 2817 callbacks suppressed [ 459.224421][ T29] audit: type=1326 audit(1720362432.529:3083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.395161][ T29] audit: type=1326 audit(1720362432.529:3084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.416824][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.424635][ T29] audit: type=1326 audit(1720362432.529:3085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.425034][T13515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 459.446812][ T29] audit: type=1326 audit(1720362432.529:3086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.473954][T13515] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.490023][ T29] audit: type=1326 audit(1720362432.529:3087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.524415][ T29] audit: type=1326 audit(1720362432.539:3088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.546593][ T29] audit: type=1326 audit(1720362432.539:3089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 459.568258][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.805048][T13515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 460.429998][ T29] audit: type=1326 audit(1720362432.539:3090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 460.450296][T13515] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 460.452099][ T29] audit: type=1326 audit(1720362432.539:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 460.487224][ T784] hid (null): bogus close delimiter [ 460.498630][ T784] hid (null): unknown global tag 0xa5 [ 460.508411][ T29] audit: type=1326 audit(1720362432.539:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13536 comm="syz.4.2899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c21f75bd9 code=0x7ff00000 [ 460.527337][ T784] hid (null): unknown global tag 0xd [ 460.557078][ T784] hid-generic 0003:0158:0100.000B: unknown main item tag 0x1 [ 460.576694][ T784] hid-generic 0003:0158:0100.000B: unexpected long global item [ 460.602465][ T784] hid-generic 0003:0158:0100.000B: probe with driver hid-generic failed with error -22 [ 460.707765][ T784] usb 1-1: USB disconnect, device number 22 [ 461.673598][ T5140] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 461.681324][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 461.873638][ T5140] usb 3-1: Using ep0 maxpacket: 16 [ 461.880908][ T9] usb 1-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 461.898112][ T5140] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 461.918405][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.929912][ T5140] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 461.929941][ T5140] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.929963][ T5140] usb 3-1: Product: syz [ 461.929978][ T5140] usb 3-1: Manufacturer: syz [ 461.929993][ T5140] usb 3-1: SerialNumber: syz [ 461.932506][ T5140] usb 3-1: config 0 descriptor?? [ 461.958814][ T9] usb 1-1: config 0 descriptor?? [ 461.963809][ T9] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 462.178107][ T9] gspca_sonixj: reg_w1 err -71 [ 462.185320][ T9] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 462.200861][ T9] usb 1-1: USB disconnect, device number 23 [ 463.500908][ T5101] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 463.733633][ T5138] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 463.845869][T11483] bond0: (slave syz_tun): Releasing backup interface [ 463.859998][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 463.872812][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 463.886343][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 463.894631][T13626] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 463.907306][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 463.919298][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 463.930324][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 463.949713][ T5138] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 463.961243][ T5138] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.974266][ T5138] usb 2-1: config 0 descriptor?? [ 464.127877][ T2840] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.294549][ T5140] usb 3-1: USB disconnect, device number 26 [ 464.321276][ T2840] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.475528][ T2840] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.593515][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 464.738512][ T5138] gs_usb 2-1:0.0: Couldn't get device config: (err=-71) [ 464.751352][ T5138] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -71 [ 464.796422][ T5138] usb 2-1: USB disconnect, device number 15 [ 464.821303][ T2840] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.941988][T13623] chnl_net:caif_netlink_parms(): no params data found [ 464.960543][ T9] usb 1-1: config 0 has an invalid interface number: 50 but max is 0 [ 464.981644][ T9] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 465.013130][ T9] usb 1-1: config 0 has no interface number 0 [ 465.025548][ T9] usb 1-1: config 0 interface 50 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 465.054682][ T9] usb 1-1: New USB device found, idVendor=1618, idProduct=9116, bcdDevice=2c.09 [ 465.071293][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.085735][ T9] usb 1-1: Product: syz [ 465.090060][ T9] usb 1-1: Manufacturer: syz [ 465.095298][ T9] usb 1-1: SerialNumber: syz [ 465.104532][ T9] usb 1-1: config 0 descriptor?? [ 465.165952][ T2840] bridge_slave_1: left allmulticast mode [ 465.171802][ T2840] bridge_slave_1: left promiscuous mode [ 465.177838][ T2840] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.222586][ T2840] bridge_slave_0: left promiscuous mode [ 465.230471][ T2840] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.579971][T13659] netlink: 'syz.4.2943': attribute type 9 has an invalid length. [ 465.964121][ T53] Bluetooth: hci1: command tx timeout [ 466.773759][ T784] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 467.003630][ T784] usb 3-1: Using ep0 maxpacket: 16 [ 467.010497][ T784] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 467.054346][ T784] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 467.071854][ T784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.081140][ T784] usb 3-1: Product: syz [ 467.086608][ T784] usb 3-1: Manufacturer: syz [ 467.088157][ T2840] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.099805][ T784] usb 3-1: SerialNumber: syz [ 467.116841][ T784] usb 3-1: config 0 descriptor?? [ 467.124131][ T2840] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.151150][ T2840] bond0 (unregistering): Released all slaves [ 467.179773][ T2840] bond1 (unregistering): Released all slaves [ 467.204418][ T2840] bond2 (unregistering): Released all slaves [ 468.205438][ T53] Bluetooth: hci1: command tx timeout [ 468.415974][T13623] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.457341][T13623] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.472516][T13623] bridge_slave_0: entered allmulticast mode [ 468.505101][T13623] bridge_slave_0: entered promiscuous mode [ 468.531405][ T5136] usb 1-1: USB disconnect, device number 24 [ 468.651277][T13623] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.678894][T13623] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.699841][T13623] bridge_slave_1: entered allmulticast mode [ 468.727281][T13623] bridge_slave_1: entered promiscuous mode [ 468.812545][ T5101] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 468.826281][ T5101] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 468.831914][T13698] devtmpfs: Too few inodes for current use [ 468.840895][ T5101] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 468.850056][ T5101] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 468.859281][ T5101] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 468.866831][ T5101] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 468.958741][T13623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 469.059848][T13623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 469.209903][ T5138] usb 3-1: USB disconnect, device number 27 [ 469.247240][T13623] team0: Port device team_slave_0 added [ 469.309417][T13623] team0: Port device team_slave_1 added [ 469.321697][ T2840] hsr_slave_0: left promiscuous mode [ 469.329136][ T2840] hsr_slave_1: left promiscuous mode [ 469.345704][ T2840] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.370116][ T2840] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 469.452680][ T2840] veth1_macvtap: left promiscuous mode [ 469.458380][ T2840] veth0_macvtap: left promiscuous mode [ 469.467477][ T2840] veth1_vlan: left promiscuous mode [ 469.487369][ T2840] veth0_vlan: left promiscuous mode [ 469.693863][ T5138] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 469.742181][T13713] netlink: 'syz.4.2960': attribute type 3 has an invalid length. [ 469.913577][ T5138] usb 3-1: Using ep0 maxpacket: 16 [ 469.928976][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 469.974226][ T5138] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 470.023859][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.051751][ T5138] usb 3-1: config 0 descriptor?? [ 470.283628][ T5101] Bluetooth: hci1: command tx timeout [ 470.380688][ T2840] team0 (unregistering): Port device team_slave_1 removed [ 470.439224][ T2840] team0 (unregistering): Port device team_slave_0 removed [ 470.479429][T13706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 470.489755][T13706] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 470.525316][ T5140] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 470.628704][ T2840] bridge_slave_0 (unregistering): left allmulticast mode [ 470.709576][T13706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 470.719965][T13706] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 470.734261][ T5138] hid (null): bogus close delimiter [ 470.746344][ T5138] hid (null): unknown global tag 0xa5 [ 470.752442][ T5138] hid (null): unknown global tag 0xd [ 470.761129][ T5138] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1 [ 470.763945][ T5140] usb 1-1: config 0 has an invalid interface number: 50 but max is 0 [ 470.769256][ T5138] hid-generic 0003:0158:0100.000C: unexpected long global item [ 470.785344][ T5138] hid-generic 0003:0158:0100.000C: probe with driver hid-generic failed with error -22 [ 470.786046][ T5140] usb 1-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 470.812701][ T5140] usb 1-1: config 0 has no interface number 0 [ 470.820519][ T5140] usb 1-1: config 0 interface 50 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 470.843567][ T5140] usb 1-1: New USB device found, idVendor=1618, idProduct=9116, bcdDevice=2c.09 [ 470.852668][ T5140] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.860836][ T5140] usb 1-1: Product: syz [ 470.869948][ T5140] usb 1-1: Manufacturer: syz [ 470.874867][ T5140] usb 1-1: SerialNumber: syz [ 470.886124][ T5140] usb 1-1: config 0 descriptor?? [ 470.924560][ T5101] Bluetooth: hci0: command tx timeout [ 470.957437][ T5138] usb 3-1: USB disconnect, device number 28 [ 471.103963][T13712] netlink: 'syz.4.2960': attribute type 3 has an invalid length. [ 471.217278][T13623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.233138][T13623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.296724][T13623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.388678][T13623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.401686][T13623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.441583][T13623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.727537][T13623] hsr_slave_0: entered promiscuous mode [ 471.759295][T13623] hsr_slave_1: entered promiscuous mode [ 471.771304][T13623] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 471.778242][T13728] devtmpfs: Too few inodes for current use [ 471.792342][T13623] Cannot create hsr debugfs directory [ 472.001006][T13695] chnl_net:caif_netlink_parms(): no params data found [ 473.007000][ T5101] Bluetooth: hci1: command tx timeout [ 473.013697][ T53] Bluetooth: hci0: command tx timeout [ 473.127268][T13739] syz.4.2967 (13739): drop_caches: 2 [ 473.411138][ T2840] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.681508][ T2840] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.808456][T13695] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.821140][T13695] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.832136][T13695] bridge_slave_0: entered allmulticast mode [ 473.841096][T13695] bridge_slave_0: entered promiscuous mode [ 473.916385][ T2840] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.026356][ T2840] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.068403][T13695] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.079147][T13695] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.095935][T13695] bridge_slave_1: entered allmulticast mode [ 474.120441][T13695] bridge_slave_1: entered promiscuous mode [ 474.219505][T13758] devtmpfs: Too few inodes for current use [ 474.321397][T13695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.396729][T13695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.510401][T13695] team0: Port device team_slave_0 added [ 474.541237][T13695] team0: Port device team_slave_1 added [ 474.695880][T13769] kAFS: No cell specified [ 474.749523][ T5138] usb 1-1: USB disconnect, device number 25 [ 474.759469][T13695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 474.801744][T13695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.856316][T13695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 474.904515][T13777] devtmpfs: Too few inodes for current use [ 474.959667][T13695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 474.971129][T13695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.003183][T13695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.057392][T13780] tipc: Started in network mode [ 475.066751][T13780] tipc: Node identity , cluster identity 4711 [ 475.073670][T13780] tipc: Failed to set node id, please configure manually [ 475.081533][T13780] tipc: Enabling of bearer rejected, failed to enable media [ 475.089889][ T5101] Bluetooth: hci0: command tx timeout [ 475.179205][ T2840] bridge_slave_1: left allmulticast mode [ 475.187409][ T2840] bridge_slave_1: left promiscuous mode [ 475.201116][ T2840] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.211880][ T2840] bridge_slave_0: left allmulticast mode [ 475.218628][ T2840] bridge_slave_0: left promiscuous mode [ 475.227906][ T2840] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.444252][T13784] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 477.079395][ T2840] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 477.091711][ T2840] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 477.103142][ T2840] bond0 (unregistering): Released all slaves [ 477.161844][T13623] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 477.175008][ T5101] Bluetooth: hci0: command tx timeout [ 477.198741][T13695] hsr_slave_0: entered promiscuous mode [ 477.212086][T13695] hsr_slave_1: entered promiscuous mode [ 477.229170][T13695] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 477.237163][T13695] Cannot create hsr debugfs directory [ 477.253169][T13623] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 477.286887][T13623] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 477.375998][T13623] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 477.598913][ T2840] hsr_slave_0: left promiscuous mode [ 477.609046][ T2840] hsr_slave_1: left promiscuous mode [ 477.623888][ T2840] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 477.641362][ T2840] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 477.661012][ T2840] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 477.670709][ T2840] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 477.765839][ T2840] veth1_macvtap: left promiscuous mode [ 477.783805][ T2840] veth0_macvtap: left promiscuous mode [ 477.790995][ T2840] veth1_vlan: left promiscuous mode [ 477.820196][ T2840] veth0_vlan: left promiscuous mode [ 477.922844][T13830] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 478.638667][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 478.833898][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 478.854566][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 478.871814][ T9] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 478.881712][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.914565][ T9] usb 1-1: config 0 descriptor?? [ 479.065976][ T2840] team0 (unregistering): Port device team_slave_1 removed [ 479.115046][ T2840] team0 (unregistering): Port device team_slave_0 removed [ 479.339990][T13829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.353740][T13829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.585414][T13829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.601643][T13829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.629919][ T9] hid (null): bogus close delimiter [ 479.637814][ T9] hid (null): unknown global tag 0xa5 [ 479.643273][ T9] hid (null): unknown global tag 0xd [ 479.652194][ T9] hid-generic 0003:0158:0100.000D: unknown main item tag 0x1 [ 479.669704][ T9] hid-generic 0003:0158:0100.000D: unexpected long global item [ 479.692878][ T9] hid-generic 0003:0158:0100.000D: probe with driver hid-generic failed with error -22 [ 479.907799][ T784] usb 1-1: USB disconnect, device number 26 [ 479.915213][T13843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3005'. [ 480.052815][T13623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.095205][T13623] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.134359][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.141512][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.167496][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.174705][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.586032][T13695] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 480.612162][T13623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 480.629371][T13695] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 480.652824][T13695] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 480.694369][T13695] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 481.000446][T13623] veth0_vlan: entered promiscuous mode [ 481.112932][T13623] veth1_vlan: entered promiscuous mode [ 481.808745][T13623] veth0_macvtap: entered promiscuous mode [ 481.819087][T13623] veth1_macvtap: entered promiscuous mode [ 481.858077][T13695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.943837][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 481.982271][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.023207][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.066749][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.104423][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.153515][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.179001][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.225504][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.254773][T13623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.322504][T13695] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.365190][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 482.402672][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.461984][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 482.486970][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.508353][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 482.530808][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.565738][T13623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 482.587067][T13623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.605019][T13623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 482.665540][T13623] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.696092][T13623] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.753518][T13623] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.787379][T13623] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.826471][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.833668][ T5094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.926511][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.933831][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.244150][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.252016][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.409163][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.432889][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.011637][T13695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.094459][T13912] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 484.109283][T13912] PKCS7: Only support pkcs7_signedData type [ 484.156676][T13695] veth0_vlan: entered promiscuous mode [ 484.180520][T13695] veth1_vlan: entered promiscuous mode [ 484.265089][T13695] veth0_macvtap: entered promiscuous mode [ 484.292530][T13695] veth1_macvtap: entered promiscuous mode [ 484.355254][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.390305][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.402604][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.425500][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.448521][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.478522][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.503504][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.538190][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.583625][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.659033][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.695908][T13695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.952607][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.127886][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.297242][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.364674][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.391225][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.410259][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.420231][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.431186][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.448844][T13695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 485.459704][T13695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 485.483093][T13695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 485.652378][T13695] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.668682][T13695] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.691740][T13695] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.703036][T13695] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.862890][ T2866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.882702][ T2866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.959353][ T2787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 485.972183][ T2787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.791703][T13989] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 486.819379][T13989] overlayfs: missing 'lowerdir' [ 487.476521][T14006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3057'. [ 487.508380][T14006] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3057'. [ 487.628593][T14013] cifs: Unknown parameter 'no9 PG!8E8- ŖEeլ' [ 487.769370][ T9] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 487.785907][ T9] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 487.831936][ T9] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz1 [ 488.334583][T14040] cifs: Unknown parameter 'no9 PG!8E8- ŖEeլ' [ 488.508398][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.538719][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.591643][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.646453][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.666323][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.687461][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.708133][T14048] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 488.739160][T14048] vhci_hcd vhci_hcd.0: pdev(4) rhport(7) sockfd(17) [ 488.745769][T14048] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 488.803185][T14048] vhci_hcd vhci_hcd.0: Device attached [ 488.822305][T14056] vhci_hcd: connection closed [ 488.831655][ T2787] vhci_hcd: stop threads [ 488.853079][ T2787] vhci_hcd: release socket [ 488.866915][ T2787] vhci_hcd: disconnect device [ 490.278448][ T5138] kernel write not supported for file 638/task/639/gid_map (pid: 5138 comm: kworker/1:5) [ 490.327326][T14086] netlink: 'syz.3.3087': attribute type 11 has an invalid length. [ 490.358746][T14086] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3087'. [ 490.927245][T14108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3100'. [ 491.855820][T14125] netlink: 'syz.4.3105': attribute type 11 has an invalid length. [ 491.885289][T14125] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3105'. [ 492.121566][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 492.139717][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 492.170929][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 492.189301][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 492.197242][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 492.204896][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 492.329099][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.448788][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.585694][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.840605][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.003527][ T5138] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 493.144919][T14132] chnl_net:caif_netlink_parms(): no params data found [ 493.203207][ T5138] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 493.216524][ T5138] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 493.225684][ T5138] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.257309][ T5138] usb 4-1: config 0 descriptor?? [ 493.450649][T14161] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3118'. [ 493.687706][ T5138] ath6kl: Failed to submit usb control message: -71 [ 493.695000][ T5138] ath6kl: unable to send the bmi data to the device: -71 [ 493.702243][ T5138] ath6kl: Unable to send get target info: -71 [ 493.712424][ T5138] ath6kl: Failed to init ath6kl core: -71 [ 493.720171][ T5138] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 493.797980][ T5138] usb 4-1: USB disconnect, device number 28 [ 493.842068][ T11] bridge_slave_1: left allmulticast mode [ 493.867931][ T11] bridge_slave_1: left promiscuous mode [ 493.876403][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.914614][ T11] bridge_slave_0: left allmulticast mode [ 493.920318][ T11] bridge_slave_0: left promiscuous mode [ 493.941391][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.253786][T14173] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 494.295962][ T53] Bluetooth: hci3: command tx timeout [ 495.366915][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 495.483240][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 495.588055][ T11] bond0 (unregistering): Released all slaves [ 495.645790][ T11] bond1 (unregistering): Released all slaves [ 495.874382][T14132] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.881596][T14132] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.899593][T14132] bridge_slave_0: entered allmulticast mode [ 495.907163][T14132] bridge_slave_0: entered promiscuous mode [ 495.917848][T14132] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.963917][T14132] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.990188][T14132] bridge_slave_1: entered allmulticast mode [ 496.003225][T14132] bridge_slave_1: entered promiscuous mode [ 496.196377][T14205] ./bus: Can't lookup blockdev [ 496.201909][T14132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.269687][T14205] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3134'. [ 496.287783][T14132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.314524][T14211] netlink: 'syz.4.3134': attribute type 11 has an invalid length. [ 496.364068][ T53] Bluetooth: hci3: command tx timeout [ 496.478461][T14132] team0: Port device team_slave_0 added [ 496.529531][ T11] hsr_slave_0: left promiscuous mode [ 496.545340][ T11] hsr_slave_1: left promiscuous mode [ 496.564309][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 496.573805][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 496.588580][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 496.619203][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 496.681299][ T11] veth1_macvtap: left promiscuous mode [ 496.687874][ T11] veth0_macvtap: left promiscuous mode [ 496.694565][ T11] veth1_vlan: left promiscuous mode [ 496.700527][ T11] veth0_vlan: left promiscuous mode [ 497.773792][ T11] team0 (unregistering): Port device team_slave_1 removed [ 497.874010][ T11] team0 (unregistering): Port device team_slave_0 removed [ 498.344864][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.368305][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.381211][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.394640][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.405045][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.416053][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.428245][T14247] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 498.440375][T14247] vhci_hcd vhci_hcd.0: pdev(0) rhport(7) sockfd(17) [ 498.445941][ T53] Bluetooth: hci3: command tx timeout [ 498.446986][T14247] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 498.471152][T14247] vhci_hcd vhci_hcd.0: Device attached [ 498.495585][T14248] vhci_hcd: connection closed [ 498.496627][ T2787] vhci_hcd: stop threads [ 498.508046][ T2787] vhci_hcd: release socket [ 498.512504][ T2787] vhci_hcd: disconnect device [ 498.631725][T14132] team0: Port device team_slave_1 added [ 498.744353][T14132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 498.765707][T14132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.823438][T14132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 498.854514][T14132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 498.874479][T14132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.954667][T14132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 498.977880][T14260] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3153'. [ 499.233684][T14132] hsr_slave_0: entered promiscuous mode [ 499.248834][T14132] hsr_slave_1: entered promiscuous mode [ 499.743622][ T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 499.977619][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 499.991416][T14132] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 499.994601][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.010703][T14132] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 500.018447][ T9] usb 1-1: Product: syz [ 500.018470][ T9] usb 1-1: Manufacturer: syz [ 500.018485][ T9] usb 1-1: SerialNumber: syz [ 500.039072][T14132] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 500.042159][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 500.071168][T14132] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 500.182683][ T5140] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 500.360760][T14132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 500.417163][T14132] 8021q: adding VLAN 0 to HW filter on device team0 [ 500.462291][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.469651][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 500.523725][ T53] Bluetooth: hci3: command tx timeout [ 500.593119][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.600378][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 501.231839][ T9] usb 1-1: USB disconnect, device number 27 [ 501.261923][T14132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 501.270380][ T5140] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 501.287012][ T5140] ath9k_htc: Failed to initialize the device [ 501.346527][ T9] usb 1-1: ath9k_htc: USB layer deinitialized [ 501.400415][T14132] veth0_vlan: entered promiscuous mode [ 501.626499][T14132] veth1_vlan: entered promiscuous mode [ 502.072047][T14132] veth0_macvtap: entered promiscuous mode [ 502.135808][T14132] veth1_macvtap: entered promiscuous mode [ 502.145391][T14287] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3161'. [ 502.195855][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 502.240650][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.267399][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 502.303827][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.322963][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 502.339179][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.362260][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 502.374044][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.395810][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 502.409828][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.438795][T14132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 502.454951][T14296] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3164'. [ 502.496814][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 502.523480][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.563535][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 502.595445][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.623406][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 502.644631][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.683501][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 502.713512][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.725622][T14132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 502.747132][T14315] ./bus: Can't lookup blockdev [ 502.754359][T14132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 502.775197][T14132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 502.807196][T14132] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.830298][T14132] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.853468][T14132] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.862206][T14132] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.901503][T14312] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3172'. [ 502.961565][T14312] netlink: 'syz.4.3172': attribute type 11 has an invalid length. [ 503.180918][ T2787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.221500][ T2787] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.224553][ T2811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.242800][ T2811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 504.774400][T14334] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 504.787129][T14334] overlayfs: failed to set xattr on upper [ 504.792966][T14334] overlayfs: ...falling back to redirect_dir=nofollow. [ 504.803028][T14334] overlayfs: ...falling back to index=off. [ 504.809172][T14334] overlayfs: ...falling back to uuid=null. [ 504.816464][T14334] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 504.993629][ T5140] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 505.190522][ T5140] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 505.212148][ T5140] usb 4-1: New USB device found, idVendor=050f, idProduct=0190, bcdDevice=2b.a5 [ 505.243814][ T5140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.275540][ T5140] usb 4-1: config 0 descriptor?? [ 505.290774][ T5140] cdc_subset 4-1:0.0: probe with driver cdc_subset failed with error -22 [ 505.570238][ T5136] usb 4-1: USB disconnect, device number 29 [ 505.571456][T14359] syz_tun: entered promiscuous mode [ 505.591466][T14359] syz_tun: left promiscuous mode [ 507.238480][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.294921][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.337385][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.364416][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.394747][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.441231][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.465184][T14404] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 507.533458][T14404] vhci_hcd vhci_hcd.0: pdev(3) rhport(7) sockfd(17) [ 507.540107][T14404] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 507.603562][T14404] vhci_hcd vhci_hcd.0: Device attached [ 507.633304][T14411] vhci_hcd: connection closed [ 507.635505][ T2840] vhci_hcd: stop threads [ 507.696483][ T2840] vhci_hcd: release socket [ 507.700993][ T2840] vhci_hcd: disconnect device [ 507.861089][T14427] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3216'. [ 507.893602][ T5139] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 508.107578][ T5139] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 508.151452][ T5139] usb 1-1: New USB device found, idVendor=050f, idProduct=0190, bcdDevice=2b.a5 [ 508.194936][ T5139] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.250864][ T5139] usb 1-1: config 0 descriptor?? [ 508.257923][ T5139] cdc_subset 1-1:0.0: probe with driver cdc_subset failed with error -22 [ 509.282826][ T9] usb 1-1: USB disconnect, device number 28 [ 512.644743][T14466] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 512.789160][T14469] hub 6-0:1.0: USB hub found [ 512.797132][T14469] hub 6-0:1.0: 1 port detected [ 517.553602][ T5139] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 517.940602][ T5139] usb 2-1: Using ep0 maxpacket: 16 [ 518.485780][ T5139] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 518.511123][ T5139] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 518.545028][ T5139] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.600975][ T5139] usb 2-1: config 0 descriptor?? [ 518.806052][T14583] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 518.843133][T14585] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3281'. [ 518.909583][T14585] bond1: entered promiscuous mode [ 518.921069][T14590] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 518.990852][T14590] lo: entered promiscuous mode [ 518.998492][T14590] bond1: (slave lo): Enslaving as an active interface with an up link [ 519.013532][ T5094] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 519.014823][T14542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.033861][T14542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.087320][ T5139] hid-generic 0003:0158:0100.000F: unknown main item tag 0x1 [ 519.095299][ T5139] hid-generic 0003:0158:0100.000F: unexpected long global item [ 519.103770][ T5139] hid-generic 0003:0158:0100.000F: probe with driver hid-generic failed with error -22 [ 519.201907][ T5094] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 519.227426][ T5094] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 519.254230][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.441485][ T5094] usb 3-1: config 0 descriptor?? [ 519.504276][ T5140] usb 2-1: USB disconnect, device number 16 [ 520.130285][ T5094] ath6kl: Failed to submit usb control message: -71 [ 520.142090][ T5094] ath6kl: unable to send the bmi data to the device: -71 [ 520.150119][ T5094] ath6kl: Unable to send get target info: -71 [ 520.202016][ T5094] ath6kl: Failed to init ath6kl core: -71 [ 520.233327][ T5094] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 520.284077][ T5094] usb 3-1: USB disconnect, device number 29 [ 520.524926][T14616] Process accounting resumed [ 520.578051][T14620] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 520.763099][T14632] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 520.787080][T14632] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 520.814494][T14632] netlink: 'syz.4.3298': attribute type 3 has an invalid length. [ 520.822605][T14632] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 521.977817][T14665] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 522.003542][T14665] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.029151][T14665] netlink: 'syz.3.3312': attribute type 3 has an invalid length. [ 522.067925][T14665] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 522.468545][T14690] tipc: Failed to remove unknown binding: 66,1,1/0:794520799/794520801 [ 522.493822][T14690] tipc: Failed to remove unknown binding: 66,1,1/0:794520799/794520801 [ 523.813858][ T5140] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 523.944136][T14721] No such timeout policy "syz1" [ 524.025825][ T5140] usb 3-1: Using ep0 maxpacket: 16 [ 524.058670][ T5140] usb 3-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=98.5e [ 524.078058][ T5140] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.092703][ T5140] usb 3-1: Product: syz [ 524.101833][ T5140] usb 3-1: Manufacturer: syz [ 524.106641][ T5140] usb 3-1: SerialNumber: syz [ 524.132909][ T5140] usb 3-1: config 0 descriptor?? [ 524.268997][T14729] tipc: Failed to remove unknown binding: 66,1,1/0:3337273179/3337273181 [ 524.269065][T14729] tipc: Failed to remove unknown binding: 66,1,1/0:3337273179/3337273181 [ 524.285830][ T5101] Bluetooth: hci5: command 0x0406 tx timeout [ 524.364145][ T5140] usb 3-1: USB disconnect, device number 30 [ 524.927257][ T784] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 525.166401][ T784] usb 1-1: config 0 has an invalid interface number: 112 but max is 0 [ 525.180322][ T784] usb 1-1: config 0 has no interface number 0 [ 525.207392][ T784] usb 1-1: config 0 interface 112 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 525.243785][ T784] usb 1-1: config 0 interface 112 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 525.294351][ T784] usb 1-1: New USB device found, idVendor=0b05, idProduct=1786, bcdDevice=9f.90 [ 525.317322][ T784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.337179][ T784] usb 1-1: Product: syz [ 525.349815][ T784] usb 1-1: Manufacturer: syz [ 525.359577][ T784] usb 1-1: SerialNumber: syz [ 525.384767][ T784] usb 1-1: config 0 descriptor?? [ 525.414451][ T784] r8712u: register rtl8712_netdev_ops to netdev_ops [ 525.421058][ T784] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 525.662448][ T784] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 525.685344][ T784] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 525.712617][ T784] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 525.747359][ T784] usb 1-1: USB disconnect, device number 29 [ 526.950422][T14788] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3360'. [ 527.001716][T14788] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3360'. [ 527.343557][ T5094] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 527.679012][ T5094] usb 4-1: config 0 has an invalid interface number: 195 but max is 0 [ 527.766592][ T5094] usb 4-1: config 0 has no interface number 0 [ 527.828166][ T5094] usb 4-1: New USB device found, idVendor=041e, idProduct=400a, bcdDevice=9e.b6 [ 527.860226][ T5094] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.901094][ T5094] usb 4-1: Product: syz [ 527.917749][ T5094] usb 4-1: Manufacturer: syz [ 527.952989][ T5094] usb 4-1: SerialNumber: syz [ 527.989095][ T5094] usb 4-1: config 0 descriptor?? [ 528.006551][ T5094] gspca_main: spca500-2.14.0 probing 041e:400a [ 528.541029][T14802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3365'. [ 529.852660][ T5139] usb 4-1: USB disconnect, device number 30 [ 531.723759][ T784] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 531.933500][ T784] usb 5-1: Using ep0 maxpacket: 32 [ 531.954241][ T784] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 531.993497][ T784] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 532.035654][ T784] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 532.112082][ T784] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 532.117598][ T5094] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 532.163383][ T784] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 532.200629][ T784] usb 5-1: Product: syz [ 532.240789][ T784] usb 5-1: Manufacturer: syz [ 532.383446][ T5094] usb 3-1: Using ep0 maxpacket: 8 [ 532.708463][ T784] usb 5-1: SerialNumber: syz [ 532.733321][T14843] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 532.810926][ T784] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input31 [ 533.064566][ T5094] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 533.072871][ T5094] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 533.103429][ T5094] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 533.133682][ T5094] usb 3-1: config 0 has no interface number 0 [ 533.139826][ T5094] usb 3-1: config 0 interface 21 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 533.198196][ T5094] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 533.228202][ T5094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.264596][ T5094] usb 3-1: config 0 descriptor?? [ 533.614308][ T5094] usb 5-1: USB disconnect, device number 24 [ 533.634545][T14851] xt_connbytes: Forcing CT accounting to be enabled [ 533.667845][ T5094] appletouch 5-1:1.0: input: appletouch disconnected [ 533.674756][T14851] Cannot find add_set index 0 as target [ 533.729848][ T784] usb 3-1: USB disconnect, device number 31 [ 534.443668][ T5101] Bluetooth: hci3: command 0x0405 tx timeout [ 535.375840][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 535.375859][ T29] audit: type=1400 audit(1720362508.719:3149): lsm=SMACK fn=smack_key_permission action=denied subject="I" object="_" requested=w pid=14899 comm="syz.2.3403" key_serial=65862999 key_desc="_uid.0" [ 536.922379][T14929] netlink: 'syz.0.3414': attribute type 6 has an invalid length. [ 536.968577][T14929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3414'. [ 536.999532][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.018200][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.033762][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.073277][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.096325][T14933] syz.4.3412 uses old SIOCAX25GETINFO [ 537.120358][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.131779][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.199556][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.273451][ T5140] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 537.320832][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.420910][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.532053][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.584984][ T5140] usb 3-1: config 0 has no interfaces? [ 537.673416][ T5140] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 537.682579][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.741602][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.752955][ T5140] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 537.781770][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.827361][ T5140] usb 3-1: config 0 descriptor?? [ 537.839191][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.863568][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.887796][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.905932][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.921966][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.939973][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.960319][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 537.990822][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.000978][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.021339][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.031685][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.081762][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.139569][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.169785][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.783487][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.799484][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.904132][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.944081][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 538.993078][ T5094] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 539.075675][ T5094] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz0 [ 539.248892][T14960] netlink: 'syz.1.3425': attribute type 6 has an invalid length. [ 539.266227][T14960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3425'. [ 539.660406][T14972] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3429'. [ 539.691710][ T5140] usb 3-1: USB disconnect, device number 32 [ 540.386082][T14978] [ 540.388424][T14978] ====================================================== [ 540.395419][T14978] WARNING: possible circular locking dependency detected [ 540.402411][T14978] 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 Not tainted [ 540.409492][T14978] ------------------------------------------------------ [ 540.416480][T14978] syz.1.3432/14978 is trying to acquire lock: [ 540.422534][T14978] ffff8880b94387e8 (lock#13){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 540.432868][T14978] [ 540.432868][T14978] but task is already holding lock: [ 540.440206][T14978] ffff8880b943e758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 540.449659][T14978] [ 540.449659][T14978] which lock already depends on the new lock. [ 540.449659][T14978] [ 540.460034][T14978] [ 540.460034][T14978] the existing dependency chain (in reverse order) is: [ 540.469020][T14978] [ 540.469020][T14978] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 540.476289][T14978] lock_acquire+0x1ed/0x550 [ 540.481294][T14978] _raw_spin_lock_nested+0x31/0x40 [ 540.486902][T14978] raw_spin_rq_lock_nested+0x2a/0x140 [ 540.492835][T14978] sched_mm_cid_exit_signals+0x17b/0x4b0 [ 540.498976][T14978] exit_signals+0x2a1/0x5c0 [ 540.503984][T14978] do_exit+0x6b4/0x27e0 [ 540.508643][T14978] __pfx___ia32_sys_exit+0x0/0x10 [ 540.514169][T14978] do_syscall_64+0xf3/0x230 [ 540.519173][T14978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.525566][T14978] [ 540.525566][T14978] -> #1 (&sighand->siglock){-.-.}-{2:2}: [ 540.533356][T14978] lock_acquire+0x1ed/0x550 [ 540.538376][T14978] _raw_spin_lock_irqsave+0xd5/0x120 [ 540.544161][T14978] __lock_task_sighand+0x149/0x2d0 [ 540.549787][T14978] group_send_sig_info+0x274/0x310 [ 540.555413][T14978] bpf_send_signal_common+0x2dd/0x430 [ 540.561282][T14978] bpf_send_signal_thread+0x16/0x20 [ 540.567004][T14978] 0xffffffffa00007e5 [ 540.571483][T14978] bpf_trace_run4+0x334/0x590 [ 540.576658][T14978] __mmap_lock_do_trace_acquire_returned+0x5c8/0x630 [ 540.583831][T14978] vm_mmap_pgoff+0x3a7/0x3d0 [ 540.588923][T14978] ksys_mmap_pgoff+0x4f1/0x720 [ 540.594183][T14978] do_syscall_64+0xf3/0x230 [ 540.599186][T14978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.605579][T14978] [ 540.605579][T14978] -> #0 (lock#13){+.+.}-{2:2}: [ 540.612504][T14978] validate_chain+0x18e0/0x5900 [ 540.617855][T14978] __lock_acquire+0x1346/0x1fd0 [ 540.623199][T14978] lock_acquire+0x1ed/0x550 [ 540.628196][T14978] __mmap_lock_do_trace_acquire_returned+0xa8/0x630 [ 540.635281][T14978] stack_map_get_build_id_offset+0x9af/0x9d0 [ 540.641757][T14978] __bpf_get_stack+0x4ad/0x5a0 [ 540.647014][T14978] bpf_get_stack_raw_tp+0x1a3/0x240 [ 540.652731][T14978] bpf_prog_ec3b2eefa702d8d3+0x42/0x46 [ 540.658685][T14978] bpf_trace_run2+0x2ec/0x540 [ 540.663859][T14978] trace_tlb_flush+0x118/0x140 [ 540.669121][T14978] switch_mm_irqs_off+0x7cb/0xae0 [ 540.674643][T14978] __schedule+0x1066/0x49d0 [ 540.679655][T14978] preempt_schedule_common+0x84/0xd0 [ 540.685482][T14978] preempt_schedule+0xe1/0xf0 [ 540.690671][T14978] preempt_schedule_thunk+0x1a/0x30 [ 540.696374][T14978] _raw_spin_unlock+0x3e/0x50 [ 540.701552][T14978] __text_poke+0xa6b/0xd30 [ 540.706464][T14978] text_poke_bp_batch+0x265/0xb30 [ 540.711984][T14978] text_poke_finish+0x30/0x50 [ 540.717155][T14978] arch_jump_label_transform_apply+0x1c/0x30 [ 540.723632][T14978] static_key_enable_cpuslocked+0x136/0x260 [ 540.730023][T14978] static_key_enable+0x1a/0x20 [ 540.735286][T14978] tracepoint_add_func+0x953/0x9e0 [ 540.740915][T14978] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 540.748438][T14978] bpf_raw_tp_link_attach+0x48b/0x6e0 [ 540.754382][T14978] bpf_raw_tracepoint_open+0x1c2/0x240 [ 540.760337][T14978] __sys_bpf+0x3c0/0x810 [ 540.765096][T14978] __x64_sys_bpf+0x7c/0x90 [ 540.770013][T14978] do_syscall_64+0xf3/0x230 [ 540.775033][T14978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.781442][T14978] [ 540.781442][T14978] other info that might help us debug this: [ 540.781442][T14978] [ 540.791647][T14978] Chain exists of: [ 540.791647][T14978] lock#13 --> &sighand->siglock --> &rq->__lock [ 540.791647][T14978] [ 540.803834][T14978] Possible unsafe locking scenario: [ 540.803834][T14978] [ 540.811284][T14978] CPU0 CPU1 [ 540.816645][T14978] ---- ---- [ 540.822066][T14978] lock(&rq->__lock); [ 540.826139][T14978] lock(&sighand->siglock); [ 540.833230][T14978] lock(&rq->__lock); [ 540.839797][T14978] lock(lock#13); [ 540.843507][T14978] [ 540.843507][T14978] *** DEADLOCK *** [ 540.843507][T14978] [ 540.851818][T14978] 8 locks held by syz.1.3432/14978: [ 540.857006][T14978] #0: ffffffff8e380808 (tracepoints_mutex){+.+.}-{3:3}, at: tracepoint_probe_register_prio_may_exist+0xbb/0x190 [ 540.868911][T14978] #1: ffffffff8e1ce5b0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_enable+0x12/0x20 [ 540.878651][T14978] #2: ffffffff8e3e1888 (jump_label_mutex){+.+.}-{3:3}, at: static_key_enable_cpuslocked+0xd7/0x260 [ 540.889426][T14978] #3: ffffffff8e1e3688 (text_mutex){+.+.}-{3:3}, at: arch_jump_label_transform_apply+0x17/0x30 [ 540.899835][T14978] #4: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x82/0x380 [ 540.909292][T14978] #5: ffff8880b943e758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 540.919185][T14978] #6: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 [ 540.928552][T14978] #7: ffff88801d2bb118 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x237/0x9d0 [ 540.939305][T14978] [ 540.939305][T14978] stack backtrace: [ 540.945166][T14978] CPU: 0 PID: 14978 Comm: syz.1.3432 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 540.955290][T14978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 540.965320][T14978] Call Trace: [ 540.968576][T14978] [ 540.971490][T14978] dump_stack_lvl+0x241/0x360 [ 540.976170][T14978] ? __pfx_dump_stack_lvl+0x10/0x10 [ 540.981438][T14978] ? print_circular_bug+0x130/0x1a0 [ 540.986617][T14978] check_noncircular+0x36a/0x4a0 [ 540.991529][T14978] ? hlock_conflict+0x59/0x1e0 [ 540.996272][T14978] ? __pfx_check_noncircular+0x10/0x10 [ 541.001794][T14978] ? lockdep_lock+0x123/0x2b0 [ 541.006448][T14978] ? __pfx_lock_release+0x10/0x10 [ 541.011447][T14978] validate_chain+0x18e0/0x5900 [ 541.016282][T14978] ? __pfx_validate_chain+0x10/0x10 [ 541.021456][T14978] ? validate_chain+0x11e/0x5900 [ 541.026377][T14978] ? mark_lock+0x9a/0x350 [ 541.030702][T14978] ? mark_lock+0x9a/0x350 [ 541.035010][T14978] __lock_acquire+0x1346/0x1fd0 [ 541.039840][T14978] lock_acquire+0x1ed/0x550 [ 541.044320][T14978] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 541.051081][T14978] ? __pfx_lock_acquire+0x10/0x10 [ 541.056080][T14978] ? validate_chain+0x11e/0x5900 [ 541.061083][T14978] ? exc_int3+0xe/0x80 [ 541.065148][T14978] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 541.071907][T14978] __mmap_lock_do_trace_acquire_returned+0xa8/0x630 [ 541.078473][T14978] ? __mmap_lock_do_trace_acquire_returned+0x8f/0x630 [ 541.085211][T14978] stack_map_get_build_id_offset+0x9af/0x9d0 [ 541.091168][T14978] ? __pfx_stack_map_get_build_id_offset+0x10/0x10 [ 541.097646][T14978] __bpf_get_stack+0x4ad/0x5a0 [ 541.102391][T14978] ? __pfx___bpf_get_stack+0x10/0x10 [ 541.107658][T14978] ? __pfx___cant_migrate+0x10/0x10 [ 541.112833][T14978] bpf_get_stack_raw_tp+0x1a3/0x240 [ 541.118009][T14978] ? bpf_trace_run2+0x1fc/0x540 [ 541.122841][T14978] bpf_prog_ec3b2eefa702d8d3+0x42/0x46 [ 541.128274][T14978] bpf_trace_run2+0x2ec/0x540 [ 541.132930][T14978] ? rcu_is_watching+0x15/0xb0 [ 541.137688][T14978] ? __pfx_bpf_trace_run2+0x10/0x10 [ 541.142903][T14978] trace_tlb_flush+0x118/0x140 [ 541.147653][T14978] switch_mm_irqs_off+0x7cb/0xae0 [ 541.152659][T14978] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 541.158189][T14978] __schedule+0x1066/0x49d0 [ 541.162679][T14978] ? __pfx___schedule+0x10/0x10 [ 541.167506][T14978] ? bpf_trace_run2+0x36e/0x540 [ 541.172341][T14978] ? preempt_schedule+0xe1/0xf0 [ 541.177183][T14978] preempt_schedule_common+0x84/0xd0 [ 541.182476][T14978] preempt_schedule+0xe1/0xf0 [ 541.187136][T14978] ? __pfx_preempt_schedule+0x10/0x10 [ 541.192489][T14978] ? lock_mm_and_find_vma+0x3d/0x2f0 [ 541.197759][T14978] ? lock_mm_and_find_vma+0x3d/0x2f0 [ 541.203026][T14978] preempt_schedule_thunk+0x1a/0x30 [ 541.208208][T14978] _raw_spin_unlock+0x3e/0x50 [ 541.212867][T14978] __text_poke+0xa6b/0xd30 [ 541.217268][T14978] ? lock_mm_and_find_vma+0x3d/0x2f0 [ 541.222617][T14978] ? __pfx_text_poke_memcpy+0x10/0x10 [ 541.227970][T14978] ? __pfx___text_poke+0x10/0x10 [ 541.232906][T14978] ? __pfx___might_resched+0x10/0x10 [ 541.238167][T14978] ? __mutex_trylock_common+0x183/0x2e0 [ 541.243689][T14978] ? __pfx___might_resched+0x10/0x10 [ 541.248955][T14978] ? lock_mm_and_find_vma+0x3d/0x2f0 [ 541.254221][T14978] text_poke_bp_batch+0x265/0xb30 [ 541.259224][T14978] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 541.264742][T14978] ? __pfx___mutex_lock+0x10/0x10 [ 541.269742][T14978] ? arch_jump_label_transform_queue+0x9b/0x100 [ 541.275961][T14978] text_poke_finish+0x30/0x50 [ 541.280612][T14978] arch_jump_label_transform_apply+0x1c/0x30 [ 541.286573][T14978] static_key_enable_cpuslocked+0x136/0x260 [ 541.292443][T14978] ? __pfx___bpf_trace_mmap_lock_acquire_returned+0x10/0x10 [ 541.299707][T14978] static_key_enable+0x1a/0x20 [ 541.304447][T14978] tracepoint_add_func+0x953/0x9e0 [ 541.309537][T14978] ? __pfx___bpf_trace_mmap_lock_acquire_returned+0x10/0x10 [ 541.316799][T14978] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 541.323710][T14978] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 541.331142][T14978] ? __pfx___bpf_trace_mmap_lock_acquire_returned+0x10/0x10 [ 541.338404][T14978] ? anon_inode_getfile+0xff/0x180 [ 541.343493][T14978] ? bpf_probe_register+0x134/0x1f0 [ 541.348669][T14978] bpf_raw_tp_link_attach+0x48b/0x6e0 [ 541.354017][T14978] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 541.359892][T14978] bpf_raw_tracepoint_open+0x1c2/0x240 [ 541.365326][T14978] __sys_bpf+0x3c0/0x810 [ 541.369547][T14978] ? __pfx___sys_bpf+0x10/0x10 [ 541.374292][T14978] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 541.380254][T14978] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 541.386556][T14978] ? do_syscall_64+0x100/0x230 [ 541.391297][T14978] __x64_sys_bpf+0x7c/0x90 [ 541.395693][T14978] do_syscall_64+0xf3/0x230 [ 541.400175][T14978] ? clear_bhb_loop+0x35/0x90 [ 541.404834][T14978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.410706][T14978] RIP: 0033:0x7fdd7e375bd9 [ 541.415095][T14978] Code: Unable to access opcode bytes at 0x7fdd7e375baf. [ 541.422084][T14978] RSP: 002b:00007fdd7f19e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 541.430472][T14978] RAX: ffffffffffffffda RBX: 00007fdd7e503f60 RCX: 00007fdd7e375bd9 [ 541.438417][T14978] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000011 [ 541.446362][T14978] RBP: 00007fdd7e3e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 541.454306][T14978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.462248][T14978] R13: 000000000000000b R14: 00007fdd7e503f60 R15: 00007ffef30a4ce8 [ 541.470200][T14978]